Polycom Employee

If you've deployed Polycom RealPresence Resource Manager (RPRM) including Polycom RealPresence Video DualManager 400 (VDM), then please take a moment and read Security Bulletin 5471: Security Advisory Relating to JBoss Application Server on RealPresence Resou....  


The underlying issue is that the internal JBoss Application Server is vulnerable to remote command execution via the ‘HTTP Invoker’ service that provides Remote Method Invocation (RMI over HTTP). Access to the URLs ‘/invoker/EJBInvokerServlet’or ‘/invoker/JMXInvokerServlet’ with detached invoker operation via an HTTP POST request can be used to deploy a malicious remote Web Application Archive. 


What does this mean?  If you use RPRM version 7.x up through and including the just released 8.1.0 then please read the security bulletin and contact Polycom Support for a patch. 


In general, all security bulletins are available at the Polycom Security Center.  They are also available via RSS Feed